<?php

/*----------------------------------------------+
|  MaxForum					|
|  ===========================================	|
|  By Majd Almontaser				|
|  Released under the License GNU v3.0		|
|  http://www.Max4Dev.com			|
|  ===========================================	|
|  Ttmtt Team - http://www.liioiil.com		|
+-----------------------------------------------*/

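# Refuse direct requests: MAX_ON is only defined when the script that
# includes this file has run first.
if (!defined('MAX_ON')) {
	echo "<h1>ACCESS DENIED</h1>You cannot access this file directly.";
	exit();
}

# Authorisation gate: both permission flags must be exactly 1. The flags are
# set by the including script; an unset flag compares unequal to 1, so the
# check fails closed.
if ($can_change_forum_settings != 1 || $can_change_site_settings != 1) {
	max_redirect('index.php?page=admin', 'admin');

	# max_redirect() is defined elsewhere and it is not visible here whether it
	# ends the request. Stop explicitly so none of the admin actions below can
	# run for a caller that failed the check.
	exit();
}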

# Report everything except notices from here on; reads of request keys that
# are not set are therefore not reported by the code below.
error_reporting(E_ALL ^ E_NOTICE);

# Load the current menu_block setting from the settings table.
# NOTE(review): the mysql_* extension was removed in PHP 7.0; this file only
# runs on older runtimes unless a compatibility layer is loaded elsewhere.
$query	= mysql_query('SELECT menu_block FROM ' . $db_prefix . 'settings');
$row	= mysql_fetch_assoc($query);
$menu_block = $row['menu_block'];

template_hook("pages/admin/blocks.template.php", "start");

# Load the language file(s). Two paths are tried: one without an extension and
# one with ".php"; "@" silences the warning when either is missing.
# NOTE(review): $board_lang is set outside this file and is concatenated into
# an include path; confirm it can only hold a value from a fixed list of
# installed languages.
@include 'language/' . $board_lang . '';
@include 'language/' . $board_lang . '.php';

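# Dispatch on the "sub" query parameter: add_block, edit_block, delete_block,
# or (default) the block list / menu_block setting form.
#
# Variable names assigned below ($info, $row, $b_type, $file_name,
# $block_file_name, ...) are kept as they are because the template hooks are
# presumably reading them; verify before renaming anything.
#
# NOTE(review): no anti-CSRF token is checked anywhere in this file, and
# delete_block changes data on a plain GET request. Unless the including
# script or max_redirect()/template_hook() enforce a token (not visible here),
# every state-changing branch should verify one, and deletion should be moved
# to POST together with the template that links to it.
switch (isset($_GET['sub']) ? $_GET['sub'] : '')
{
	case 'add_block':

		if ($_SERVER['REQUEST_METHOD'] == 'POST')
		{
			#---------------------------
			# Verify our inputs
			#---------------------------

				# escape_string() is defined elsewhere.
				# NOTE(review): confirm it escapes for a double-quoted MySQL
				# string literal, which is the context used below.
				$title = escape_string($_POST['title']);
				# Block content is stored as submitted (SQL-escaped only), so
				# whatever renders it outputs admin-authored markup.
				$cont = mysql_real_escape_string($_POST['contant']);
				# NOTE(review): block_file is stored as submitted. The list view
				# labels every value other than '0' as "PHP"; if the renderer
				# loads it as a file, it should be checked here against the
				# names found in the blocks directory before being saved.
				$b_name = escape_string($_POST['block_file']);

			#---------------------------
			# Insert DB
			#---------------------------

				# block_file is quoted like the other two values. It used to be
				# concatenated bare, which put request data into the statement
				# outside any string literal (quote-escaping gives no protection
				# there) and made any non-numeric file name a syntax error.
				mysql_query('INSERT INTO ' . $db_prefix . 'blocks (title, contant, block_file) VALUES ("' . $title . '", "' . $cont . '", "' . $b_name . '")');

			#---------------------------
			# And redirect...
			#---------------------------

				max_redirect('index.php?page=admin&act=blocks', 'admin/blocks');
		}
		else
		{
			template_hook("pages/admin/blocks.template.php", "4");

			# List entries of the blocks directory whose name splits into
			# "<name>" + "block" at "_block" (i.e. ends in "_block"), emitting
			# hook "6" once per match.
			if ($handle = opendir($max_root . 'blocks')) {
				while (false !== ($file_name = readdir($handle))) {
					$exp_file = explode("||", str_replace("_block", "||block", $file_name));
					if ($file_name != "index.html" && isset($exp_file[1]) && $exp_file[1] == "block") {
						$block_file_name = str_replace("_", " ", $exp_file[0]);

						template_hook("pages/admin/blocks.template.php", "6");
					}
				}
				closedir($handle);
			}

			template_hook("pages/admin/blocks.template.php", "7");
		}

		break;

	case 'edit_block':

		if ($_SERVER['REQUEST_METHOD'] == 'POST')
		{
			#---------------------------
			# Verify our inputs
			#---------------------------

				# The id is used unquoted in the WHERE clause, where string
				# escaping does not constrain the value; force it to an integer.
				$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
				$title = escape_string($_POST['title']);
				$cont = mysql_real_escape_string($_POST['contant']);
				# NOTE(review): same unvalidated block_file as in add_block.
				$b_name = escape_string($_POST['block_file']);

			#---------------------------
			# Update DB
			#---------------------------

				# On failure, write the driver error to the server log instead
				# of echoing it: the echo exposed database details to the
				# browser and produced output ahead of the redirect.
				if (!mysql_query('UPDATE ' . $db_prefix . 'blocks SET title = "' . $title . '", contant = "' . $cont . '", block_file = "' . $b_name . '" WHERE id = ' . $id . ' LIMIT 1')) {
					error_log('MaxForum admin/blocks: block update failed: ' . mysql_error());
				}

			#---------------------------
			# And redirect...
			#---------------------------

				max_redirect('index.php?page=admin&act=blocks', 'admin/blocks');
		}
		else
		{
			# Integer cast for the same reason as above: the value is placed
			# unquoted into the query.
			$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

			#----------------------
			# Get block info
			#----------------------

				$query	= mysql_query('SELECT * FROM ' . $db_prefix . 'blocks WHERE id = ' . $id . ' LIMIT 1');
				$info	= mysql_fetch_assoc($query);

			template_hook("pages/admin/blocks.template.php", "5");

			# Same directory listing as in add_block, emitting hook "8" per match.
			if ($handle = opendir($max_root . 'blocks')) {
				while (false !== ($file_name = readdir($handle))) {
					$exp_file = explode("||", str_replace("_block", "||block", $file_name));
					if ($file_name != "index.html" && isset($exp_file[1]) && $exp_file[1] == "block") {
						$block_file_name = str_replace("_", " ", $exp_file[0]);

						template_hook("pages/admin/blocks.template.php", "8");
					}
				}
				closedir($handle);
			}

			template_hook("pages/admin/blocks.template.php", "9");
		}

		break;

	case 'delete_block':

		# Integer cast: the id goes unquoted into the DELETE statement.
		# NOTE(review): this branch deletes on GET with no token check; see the
		# note at the top of the switch.
		$id		= isset($_GET['id']) ? (int) $_GET['id'] : 0;

		mysql_query('DELETE FROM ' . $db_prefix . 'blocks WHERE id = ' . $id . ' LIMIT 1');

		#---------------------------
		# And redirect...
		#---------------------------

			max_redirect('index.php?page=admin&act=blocks', 'admin/blocks');

		break;

	default:

		# If settings have been updated..
		if ($_SERVER['REQUEST_METHOD'] == 'POST')
		{
			#------------------------
			# Sanitise inputs
			#------------------------

				# Collapse the submitted value to 0 or 1; anything but 1 is 0.
				$menu_block	= (isset($_POST['menu_block']) && (int) $_POST['menu_block'] == 1) ? 1 : 0;

			#-----------------------------
			# Update the database
			#-----------------------------

				mysql_query('UPDATE ' . $db_prefix . 'settings SET menu_block = ' . $menu_block . ' LIMIT 1');

			# Drop the cached settings so the new value is read on the next request

				$Cache->delete('settings');

			#------------------------
			# Redirect
			#------------------------

				max_redirect('index.php?page=admin&act=blocks', 'admin/blocks');
		}
		else
		{
			# Show starting hooks
			template_hook("pages/admin/blocks.template.php", "1");

			#--------------------------------
			# List blocks
			#--------------------------------

				$query = mysql_query('SELECT id, title, contant, block_file FROM ' . $db_prefix . 'blocks');

				while ($row = mysql_fetch_assoc($query))
				{
					# block_file '0' marks an HTML block; any other value is
					# shown as a PHP block.
					if ($row['block_file'] == '0') {
						$b_type = 'HTML';
					} else {
						$b_type = 'PHP';
					}
					template_hook("pages/admin/blocks.template.php", "2");
				}

			template_hook("pages/admin/blocks.template.php", "3");
		}

		break;
}

template_hook("pages/admin/blocks.template.php", "end");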
?>
